Re : Re : silly question of framed IP address

2008-07-17 Thread Joel MBA OYONE 
lol!!

sometimes, peeps use to turn the questions and the answers... to be sure!! but 
what a shame!! i don't have hand on the dhcp server!!



thank you guys!!

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70



- Message d'origine 
De : Ivan Kalik <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Jeudi, 17 Juillet 2008, 14h07mn 38s
Objet : Re: Re : silly question of framed IP address

>But, is there a way to oblige some comp to use a specific IP address using 
>radius attribute??

"I refer the Honourable Member to the answer given before." :)

>  The Framed-IP-Address assigns IP addresses for PPP sessions.  It does
>*nothing* for 802.1x sessions.

The fact you don't like the answer doesn't change a thing.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



  
_ 
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Re : certificate client.* non valid on windows XP

2008-07-12 Thread Joel MBA OYONE 
Thanx a lot guy!

I tried to create my own certificate (that i didn't verify), but i still 
encounter a problem generating the client certificate: the key file and and the 
.912 file are empty and i don't know why. (size 0 kb), and it gives no error 
message!!

i will try the scripts you gave me...

mine are below and could be have a mistake on cleints lines:

-
-

##
#
#  Create a new self-signed CA certificate
#
##
# cakey.pem, cacert.pem:
openssl req -new -x509 -keyout /etc/raddb/Md5CA/Private/cakey.pem -out 
/etc/raddb/Md5CA/cacert.pem -config /etc/raddb/Md5CA/conf/ca.cnf

ca.der: ca.pem
openssl x509 -inform PEM -outform DER -in /etc/raddb/Md5CA/cacert.pem -out 
/etc/raddb/Md5CA/cacert.der

##




# requete de cerificat server

openssl req -newkey rsa:1024 -keyout 
/etc/raddb/Md5CA/keys/radiusserver2_key.pem -out 
/etc/raddb/Md5CA/req/radiusserver2_cert.req -config 
/etc/raddb/Md5CA/conf/server.cnf


# Signature du certificat server

openssl ca -out /etc/raddb/Md5CA/certs/radiusserver2_cert.pem 
-extensions xpserver_ext -extfile /etc/ssl/xpextensions -infiles 
/etc/raddb/Md5CA/req/radiusserver2_cert.req

===
==

# requete de cerificat client

#openssl req -new -nodes -keyout /etc/raddb/Md5CA/keys/toutou_key.pem 
-out /etc/raddb/Md5CA/req/toutou_cert.req
openssl req -newkey rsa:1024 -keyout 
/etc/raddb/Md5CA/keys/toutou_key.pem -out /etc/raddb/Md5CA/req/toutou_cert.req 
-config /etc/raddb/Md5CA/conf/client.cnf

# Signature du certificat client

openssl ca -out /etc/raddb/certs/Md5CA/certs/toutou_cert.pem 
-extensions xpclient_ext -extfile /etc/ssl/xpextensions -infiles 
/etc/raddb/Md5CA/req/toutou_cert.req

# conversion du certificat client au format pkcs12

openssl pkcs12 -export -in /etc/raddb/Md5CA/certs/toutou_cert.pem 
-inkey /etc/raddb/Md5CA/key/toutou_key.pem -out 
/etc/raddb/Md5CA/certs/p12s/toutou_certs.p12  -clcerts




##
#
#  Miscellaneous rules.
#
##
index.txt:
@touch index.txt

serial:
@echo '01' > serial

random:
@if [ -e /dev/urandom ] ; then \
dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \
else \
date > ./random; \
fi

print:
openssl x509 -text -in server.crt

printca:
openssl x509 -text -in ca.pem

clean:
@rm -f *~ *old client.csr client.key client.crt client.p12 client.pem

#
#  Run distclean ONLY if there's a CVS directory, AND it points to
#  cvs.freeradius.org.  Otherwise, it would be easy for administrators
#  to type "make distclean", and destroy their CA and server certificates.
#
distclean:
@if [ -d CVS -a `grep -i 'cvs\.freeradius\.org' CVS/Root` ] ; then \
rm -f *~ dh *.csr *.crt *.p12 *.der *.pem *.key index.txt* \
serial* random *\.0 *\.1; \
fi



 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70



- Message d'origine 
De : Sergio <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Lundi, 14 Juillet 2008, 21h50mn 42s
Objet : Re : certificate client.* non valid on windows XP

Reveal MAP escribió:
> Thanx for your help Sergio, but it is exactly the same!! it doesn't work.
>
> - Message d'origine 
> De : Sergio <[EMAIL PROTECTED]>
> À : FreeRadius users mailing list 
> Envoyé le : Dimanche, 13 Juillet 2008, 18h51mn 41s
> Objet : Re : certificate client.* non valid on windows XP
>
> Reveal MAP escribió:
> > Installing ca.der, server.crt and client.crt, i obtain exactly the
> > same result!!
> >
> > - Message d'origine 
> > De : Sergio <[EMAIL PROTECTED] 
> >
> > À : FreeRadius users mailing list 
>  >
> > Envoyé le : Dimanche, 13 Juillet 2008, 16h59mn 38s
> > Objet : Re: Re : certificate client.* non valid on windows XP
> >
> > Reveal MAP escribió:
> > > Thank you Sergio for your answer.
> > >
> > >
> > > - windows says too that one of the certificate authority seems to not
> > > be able to deliver certificate or can't be used as final entity...
> > > so, I tried what you said:  install Server.p12

Re : Hi

2008-06-16 Thread Joel MBA OYONE 
so the HOW_TO about active diretory/freeradius seem to be enough. I asked cause 
i noticed that most of the tips on www.freeradius.org point to 1.1x and i use 
2.0.x

thanx for the answer

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70



- Message d'origine 
De : Sambuddho Chakravarty <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Lundi, 16 Juin 2008, 18h39mn 07s
Objet : Re: Hi

Hello
For ldap you need to configure the module/ldap file and not active
directory (which I think uses EAP).

Thanks
Sambuddho
On Mon, 2008-06-16 at 20:21 +0200, [EMAIL PROTECTED] wrote:
> Is this this HOW_TO  
> (http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO) up 
>  
> to date to make freeradius_conneceted to ldap or there is something  
> else to do ?
> 
> - thanx!
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



  
_ 
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE 
Um... i think i just sent an empty response, sorry about that and thank you for 
this clear explanation.  i just will change my NAS!
(but i will call d-link before ).

see ya!


Joel MBA OYONE wrote:
> We all agree that assocation is made before authentication process, in
> order to RADIUS to be able to do its stuffs. but the fact is that it
> doesn't work,

  Then your NAS is broken.  Buy a real NAS that supports VLAN assignment.

>  and i was wondering what would be the result if i set:
> "Tunnel-Private-Group-ID = 100" (when the SSID were i am connected is
> assiged to VLAN 200, according to how my device work) .

  We told you what the result was: We don't know.  Go read your NAS
documentation.  If it doesn't say, it's because your NAS is broken.

> i learnt freeradius stuffs and with the help of the guys here, i am now
> able to setup it correctly!!!  Access point  authentication works well,
> but  end-users authentication doing some EAP  fails but stay without no
> response after the access-challenge!! (saying no correct login/password
> find, or requiring client certificate, depending if i am doing tls or
> peap).

  This is in the FAQ, and in the comments in eap.conf.

> please note that it deons'nt tell me that my certificates are incorrect,

  Windows doesn't do that.  It just stops doing EAP.

  Please stop trying to figure it out.  Believe what we're saying.
We've seen your situation hundreds of times.  It's nothing new.

> - About the limitations of the device, i posted on d-link support a week
> ago and i am still waiting for the answer.

  Exactly.  Buy a device that is *documented* as doing VLAN assignment.

> Any people interested in help could just read page 200 - 209 of this
> documents and give advices.

  Sorry.  Buy a real NAS that works.  You're wasting your time trying to
make a broken NAS do VLAN assignment.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE 


 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70



- Message d'origine 
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Jeudi, 22 Mai 2008, 17h37mn 46s
Objet : Re: Re : Re : Dynamic VLAN and FreeRadius

Joel MBA OYONE wrote:
> We all agree that assocation is made before authentication process, in
> order to RADIUS to be able to do its stuffs. but the fact is that it
> doesn't work,

  Then your NAS is broken.  Buy a real NAS that supports VLAN assignment.

>  and i was wondering what would be the result if i set:
> "Tunnel-Private-Group-ID = 100" (when the SSID were i am connected is
> assiged to VLAN 200, according to how my device work) .

  We told you what the result was: We don't know.  Go read your NAS
documentation.  If it doesn't say, it's because your NAS is broken.

> i learnt freeradius stuffs and with the help of the guys here, i am now
> able to setup it correctly!!!  Access point  authentication works well,
> but  end-users authentication doing some EAP  fails but stay without no
> response after the access-challenge!! (saying no correct login/password
> find, or requiring client certificate, depending if i am doing tls or
> peap).

  This is in the FAQ, and in the comments in eap.conf.

> please note that it deons'nt tell me that my certificates are incorrect,

  Windows doesn't do that.  It just stops doing EAP.

  Please stop trying to figure it out.  Believe what we're saying.
We've seen your situation hundreds of times.  It's nothing new.

> - About the limitations of the device, i posted on d-link support a week
> ago and i am still waiting for the answer.

  Exactly.  Buy a device that is *documented* as doing VLAN assignment.

> Any people interested in help could just read page 200 - 209 of this
> documents and give advices.

  Sorry.  Buy a real NAS that works.  You're wasting your time trying to
make a broken NAS do VLAN assignment.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE 
(generally at least in the Cisco world with 
'Tunnel-Private-Group-ID', like you meantioned) but you'll never be able 
to force a user to switch SSID's because that is client controlled.

AP's map VLAN's to SSID's internally some allow n to 1  and 1 to n 
relationships, others like your d-links only allow a direct mapping. 

Basically it sounds like you are limited by the constraints of you NAS.

Joe Vieira
UNIX Systems Administrator
Clark University

Joel MBA OYONE wrote:
> Alan,
>
> I possess a device from D-Link (DWS-3024). it is a wireless switch 
> controler, and the documentation says that:
>  - One SSID has to be affect to one VLAN on the profile.
>  - An Access point could be configured with up to 8 ifferent SSIDs and 
> it is possible to affect each SSID on its own network (below is a link 
> which show you the config page) or all SSID on the same network.  
> maybe i didn't read it correctly, so here is the link (see page 89-90 
> and maybe 91 too.): 
> ftp://ftp.dlink.fr/DWS/DWS-3024/Manuel/DWS-3000_Series_User_Manual_v2.00.pdf
>
> i asked you stuffs about SSIDs/VLAN cause all my APs (about 30) will 
> receive the same profile, and the profile will have 3 differents SSIDS 
> with diffrents security access levels and network from the wireless 
> switch.
>
> for example, in the same room, associated to the same AP, students and 
> teachers will connect to diffrent SSIDs coming from that same AP, and 
> some will have to athenticate via EAP-PEAP, other will require EAP-TLS.
>
> this other short file explain point to point what is my config and 
> waht i am trying to do:
> ftp://ftp.dlink.fr/DWS/DWS-3024/QIG/QIG_DWS-3024_WPA2.pdf
> read it and maybe you could understand me.
>
>
> regards
>
> Joel MBA OYONE wrote:
> >>  No.  VLAN assignment is after SSID association, and after 802.1x
> >> authentication.
> >
> > OK, is it possible to associate in SSID_1 and be assigned to a different
> > VLAN than the we are associated in ?
>
>   That doesn't make sense.  SSID's aren't tied to VLANs, unless you
> configure them that way.
>
> > (exemple, when i am associated to
> > SSID_1, which belongs to VLAN100,
>
>   No... SSID's have nothing to do with VLAN's.
>
> > RADIUS sends me
> > "Tunnel-Private-Group-ID = 200", which belongs to another SSID, what
> > would happen and would authentication process success?)
>
>   Read your NAS documentation to see how to do VLAN assignment, and how
> it interacts with SSID's.
>
> > - if i am assigned to another couple of SSID/VLAN than the one i am
> > connected now by RADIUS, would authentication process restart at the
> > beginning?
>
>   Stop talking about "SSID/VLAN".  They are separate things.
>
>   When you do VLAN assignment with RADIUS, you do NOT need to
> re-authenticate.
>
> > - is it possible to do EAP-TLS, EAP-PEAP and EAP-MD5 without the use of
> > 802.1x when RADIUS is the authentication Server for a supplicant?
>
>   What does that mean?
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>
> __
> Do You Yahoo!?
> En finir avec le spam? Yahoo! Mail vous offre la meilleure protection 
> possible contre les messages non sollicités
> http://mail.yahoo.fr Yahoo! Mail 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE 
Alan, 

I possess a device from D-Link (DWS-3024). it is a wireless switch controler, 
and the documentation says that:
 - One SSID has to be affect to one VLAN on the profile.
 - An Access point could be configured with up to 8 ifferent SSIDs and it is 
possible to affect each SSID on its own network (below is a link which show you 
the config page) or all SSID on the same network.  maybe i didn't read it 
correctly, so here is the link (see page 89-90 and maybe 91 too.): 
ftp://ftp.dlink.fr/DWS/DWS-3024/Manuel/DWS-3000_Series_User_Manual_v2.00.pdf

i asked you stuffs about SSIDs/VLAN cause all my APs (about 30) will receive 
the same profile, and the profile will have 3 differents SSIDS with diffrents 
security access levels and network from the wireless switch. 

for example, in the same room, associated to the same AP, students and teachers 
will connect to diffrent SSIDs coming from that same AP, and some will have to 
athenticate via EAP-PEAP, other will require EAP-TLS.

this other short file explain point to point what is my config and waht i am 
trying to do:
ftp://ftp.dlink.fr/DWS/DWS-3024/QIG/QIG_DWS-3024_WPA2.pdf
read it and maybe you could understand me.


regards


Joel MBA OYONE wrote:
>>  No.  VLAN assignment is after SSID association, and after 802.1x
>> authentication.
> 
> OK, is it possible to associate in SSID_1 and be assigned to a different
> VLAN than the we are associated in ?

  That doesn't make sense.  SSID's aren't tied to VLANs, unless you
configure them that way.

> (exemple, when i am associated to
> SSID_1, which belongs to VLAN100,

  No... SSID's have nothing to do with VLAN's.

> RADIUS sends me
> "Tunnel-Private-Group-ID = 200", which belongs to another SSID, what
> would happen and would authentication process success?)

  Read your NAS documentation to see how to do VLAN assignment, and how
it interacts with SSID's.

> - if i am assigned to another couple of SSID/VLAN than the one i am
> connected now by RADIUS, would authentication process restart at the
> beginning?

  Stop talking about "SSID/VLAN".  They are separate things.

  When you do VLAN assignment with RADIUS, you do NOT need to
re-authenticate.

> - is it possible to do EAP-TLS, EAP-PEAP and EAP-MD5 without the use of
> 802.1x when RADIUS is the authentication Server for a supplicant?

  What does that mean?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE 


 Alan DeKok. wrote:


>  No.  VLAN assignment is after SSID association, and after 802.1x
> authentication.

OK, is it possible to associate in SSID_1 and be assigned to a different VLAN 
than the we are associated in ? (exemple, when i am associated to SSID_1, which 
belongs to VLAN100, RADIUS sends me "Tunnel-Private-Group-ID = 200", which 
belongs to another SSID, what would happen and would authentication process 
success?) 


- if i am assigned to another couple of SSID/VLAN than the one i am connected 
now by RADIUS, would authentication process restart at the beginning?
- is it possible to do EAP-TLS, EAP-PEAP and EAP-MD5 without the use of 802.1x 
when RADIUS is the authentication Server for a supplicant?

  thanx!

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Dynamic VLAN and FreeRadius

2008-05-21 Thread Joel MBA OYONE 

> for example, a Cisco device would want the tunnel medium type, type and
> private group id 

   Tunnel-Medium-Type = "IEEE-802"
   Tunnel-Type = "VLAN"
   Tunnel-Private-Group-Id = "100"
> this would tell the NAS to put the user onto VLAN 100

So if SSID "friend" is assigned to VLAN 100, the end-user will associate with 
that SSID, right??


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : EAP-TTLS w/MS-CHAPv2

2008-05-21 Thread Joel MBA OYONE 
> You'll also need a raddb/sites-enabled/inner-tunnel file.  It's not
> installed in 2.0.3.  This was fixed in 2.0.4.

what is "inner-tunnel file intend for ??


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : howto EAP-TLS on freeradius 2.0.2-3 ??

2008-05-18 Thread Joel MBA OYONE 

So i really wonder where is the problem !!!
maybe it is due to the hardware i use...

my switch is wireless controller -all AP rceive their config (RF, SSID, 
channels, Power Radio, security styuffs, etc..) from the switch. so when RADIUS 
authentication is set-up, every AP have to be authenticated by Freeradius 
before receiving the correct parameters by FR, using its @MAC as login and the 
word NOPASSWORD as password (that the theoroy said. cause i had to set 
Auth-Type := Accept to make it work). at this stage, authenticator is the 
wireless switch. it works with or without 802.1x ON. it work fine, and the AP 
are well manged by a centralpoint. no RADIUS problem with AP authetication.

- step2:
when an AP is recognized, end-users have to be autneticated too by RADIUS. this 
step, like the documentation says, the managed AP becomes "Authenticator". -so 
an entry exist for every AP in clients.conf too)

during the connection attempts, Radius receive acess request, and the correct 
certificate is chosen -he give me the correcte commonnameof certificate- but i 
think the supplicant (end-user on xp) never receive the access-challenge, even 
if it is sent by RADIUS Server.

i don't know if i am well understood or if I "do" misundertood something but it 
works like that at me now.

i installed, reinstalled and formated so much time that i am convincedthat i 
won't success alone.
Hey Ivan, won't you try to help me to fix this stone? i have definitely nodelay 
anymore, and no solution too. Freeradius is your own and i ma pretty sure that 
we could both fix the problem between a quarter or a half if you take fulll 
remote control of my computer and network, assisting you and telling my 
purpose. 

thanx for help.





- Message d'origine 
De : Ivan Kalik <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Lundi, 19 Mai 2008, 0h37mn 23s
Objet : RE: Re : Re : Re : howto EAP-TLS on freeradius 2.0.2-3 ??

>Ok, we assume my certificates are corrects.
>
>So i have some more questions:
>
>
>- Certificate should be import for user accounts or for computer account ?


Who/what ever is you supplicant trying to authenticate. If the supplicant
can't find the correct certificate it will give up.

>
>- i use the file "users" as database for my accounts; when using eap-tls
>when trying eap-peap my accounts looks like that:
>
>>> johndoe Auth-Type: = EAP, User-Password == �test1234"
>>>  Tunnel-Type = 13,
>>>  Tunnel-Medium-Type = 6,
>
>or 
>>> johndoe   User-Password == �test1234"
>>>  Tunnel-Type = 13,
>>>  Tunnel-Medium-Type = 6,


No, don't use Auth-Type. Use Cleartext-Password or NT-Password (names
clearly suugest are they encrypted and how) with mschap.

>
>
>- when i use eap-tls, it looks like that:
>
>>> johndoe 
>>>  Tunnel-Type = 13,
>>>  Tunnel-Medium-Type = 6,
>-
>
>and sometimes, i add add the assignment of Vlan by using the attribute '
Tunnel-Private-Group-ID = 100" -vlan 100 is affected to the ssid i am
interested in-
>
>is it correct?

It will work, but it's more common to use "human" values (VLAN and
IEEE-802).

Ivan Kalik
Kalik Informatika ISP


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Re : Re : howto EAP-TLS on freeradius 2.0.2-3 ??

2008-05-18 Thread Joel MBA OYONE 
Ok, we assume my certificates are corrects.

So i have some more questions:


- Certificate should be import for user accounts or for computer account ?

- i use the file "users" as database for my accounts; when using eap-tls
when trying eap-peap my accounts looks like that:

>> johndoe Auth-Type: = EAP, User-Password == �test1234"
>>  Tunnel-Type = 13,
>>  Tunnel-Medium-Type = 6,

or 
>> johndoe   User-Password == �test1234"
>>  Tunnel-Type = 13,
>>  Tunnel-Medium-Type = 6,


- when i use eap-tls, it looks like that:

>> johndoe 
>>  Tunnel-Type = 13,
>>  Tunnel-Medium-Type = 6,
-

and sometimes, i add add the assignment of Vlan by using the attribute ' 
Tunnel-Private-Group-ID = 100" -vlan 100 is affected to the ssid i am 
interested in-

is it correct?
Yes! it is in the personal store!

- so problem is not with certificate ?? in this case, wht should be checked?
- config?
- hardware?

i'd like to use eap-tls and/or eap-peap


MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc

Tél. : +212 69 25 85 70


- Message d'origine 
De : Ivan Kalik <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Dimanche, 18 Mai 2008, 17h00mn 59s
Objet : Re: Re : howto EAP-TLS on freeradius 2.0.2-3 ??

>you can view screenshots of the certificate here:
>
>- CA Certificate that i imported on XP with DER format:
>http://img357.imageshack.us/img357/2264/cacertificate1wj4.jpg
>
>- Client Certificate with p12 format:
>http://img164.imageshack.us/img164/2894/certifclient1kf1.jpg
>http://img164.imageshack.us/img164/7527/certifclient2rv3.jpg
>

Those certificates are fine. Where did you import the client certificate?
Is it in the Personal store?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Re : howto EAP-TLS on freeradius 2.0.2-3 ??

2008-05-18 Thread Joel MBA OYONE 
Yes! it is in the personal store!

- so problem is not with certificate ?? in this case, wht should be checked?
 - config?
- hardware?

i'd like to use eap-tls and/or eap-peap

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70


- Message d'origine 
De : Ivan Kalik <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Dimanche, 18 Mai 2008, 17h00mn 59s
Objet : Re: Re : howto EAP-TLS on freeradius 2.0.2-3 ??

>you can view screenshots of the certificate here:
>
>- CA Certificate that i imported on XP with DER format:
>http://img357.imageshack.us/img357/2264/cacertificate1wj4.jpg
>
>- Client Certificate with p12 format:
>http://img164.imageshack.us/img164/2894/certifclient1kf1.jpg
>http://img164.imageshack.us/img164/7527/certifclient2rv3.jpg
>

Those certificates are fine. Where did you import the client certificate?
Is it in the Personal store?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : howto EAP-TLS on freeradius 2.0.2-3 ??

2008-05-18 Thread Joel MBA OYONE 
Key
Usage filed containing client OID. Does your client certificate have
that field and that value?

Ivan Kalik
Kalik Informatika ISP


Dana 7/5/2008, "Joel MBA OYONE" <[EMAIL PROTECTED]> piše:

>Ok,
>
>i
think i really missed something! that config should take less than 15
minutes but i can't solve my problem for more than a week.
>
>Alan
or Ivan, could you give me a half our to help me to fix my RADIUS
EAP-TLS config please. i would like to give you a full access to my
network and my terminal too, so the diagnostic should be very very easy
for you!
>is it possible?
>
> 
>MBA OYONE JoĂŤl
>Lot. El Firdaous
>Bât GH20, Porte A 204, Appt 8
>2 Oulfa
>Casablanca - Maroc
> 
>TĂŠl. : +212 69 25 85 70
>
>
>- Message d'origine ----
>De : Alan DeKok <[EMAIL PROTECTED]>
>� : FreeRadius users mailing list 
>EnvoyĂŠ le : Lundi, 5 Mai 2008, 17h18mn 10s
>Objet : Re: Re : howto EAP-TLS on freeradius 2.0.2-3 ??
>
>Joel MBA OYONE wrote:
>...
>> The VLAN attributes defined in RFC3580 are as follows:
>> �  Tunnel-Type=VLAN (13)
>> �  Tunnel-Medium-Type=802
>> �  Tunnel-Private-Group-ID=VLANID
>> 
>> NOTE: The FreeRADIUS dictionary maps the 802 string value to the integer 6, 
>> which
>>is why client entries use 6 for the Tunnel-Medium-Type value.
>
>  No.  For Tunnel-Medium-Type, "802" is a *name*, not a *number*.See
>Section 3.2 of RFC 2868:
>
>...
>  Value
>  The Value field is three octets and contains one of the values
>  listed under "Address Family Numbers" in [14].  For the sake of
>  convenience, a relevant excerpt of this list is reproduced below.
>
>  1  IPv4 (IP version 4)
>  2  IPv6 (IP version 6)
>  3  NSAP
>  4  HDLC (8-bit multidrop)
>  5  BBN 1822
>  6  802 (includes all 802 media plus Ethernet "canonical format")
>...
>
>  FreeRADIUS gets it *right*.  Many NAS vendors get it *wrong*.
>
>> To create a user and assign the user to a particular VLAN by using 
>> FreeRADIUS, open the
>> etc/raddb/users file, which contains the user account information, and add 
>> for the new user.
>> The following example shows the entry for a user in the users file. The 
>> username is
>> �johndoe,� the password is �test1234.� The user is assigned to VLAN 
>> 77.
>> 
>> johndoe Auth-Type: = EAP, User-Password == �test1234"
>>  Tunnel-Type = 13,
>>  Tunnel-Medium-Type = 6,
>
>  Or:  Tunnel-Medium-Type = IEEE-802
>
>> 
>>
in both cases, it stays on "IDENTITY VALIDATION" in xp wireless
management and sometime i receive the right ip adresss in the right IP
Pool. ut lost it immediately, maybe cause of the repeating cycle of
athentication sequence.
>> AND, the client certificate, signed by the Server (not the CA root) is still 
>> with the same message.
>> 
>> 
>> hope it would be helpfull !!
>
>  Arg.  Microsoft keeps putting magic nonsense into their OS's to make
>it difficult to use non-Microsoft RADIUS servers.
>
>  And yes, this *is* a problem even inside of Microsoft!  So if you're
>finding it a PITA to get it working, rest assured that Microsoft does, too.
>
>  Alan DeKok.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>__
>Do You Yahoo!?
>En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
>contre les messages non sollicitĂŠs 
>http://mail.yahoo.fr Yahoo! Mail 
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-La pièce jointe correspondante suit-

##
#
#  Create a new self-signed CA certificate
#
##
cakey.key cacert.pem:
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -config ./ca.cnf 

ca.der: ca.pem
openssl x509 -inform PEM -outform DER -in cac.pem -out ca.der

##




# requete de cerificat server

openssl
req -newkey rsa:1024 -keyout
/etc/raddb/certs/CA/other_keys/servradiuskey.pem -out
/etc/raddb/certs/CA/req/servradius_cert.req  


# Signature du certificat server

openssl
ca -out /etc/raddb/certs/CA/certs/serverradiuscert

Re : Re : Re : howto EAP-TLS on freeradius 2.0.2-3 ??

2008-05-07 Thread Joel MBA OYONE 
up! 
(never says die)


 ==


Ok,

i think i really missed something! that config should take less than 15 minutes 
but i can't solve my problem for more than a week.

Alan or Ivan, could you give me a half our to help me to fix my RADIUS EAP-TLS 
config please. i would like to give you a full access to my network and my 
terminal too, so the diagnostic should be very very easy for you!
is it possible?


MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc

Tél. : +212 69 25 85 70


- Message d'origine 
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Lundi, 5 Mai 2008, 17h18mn 10s
Objet : Re: Re : howto EAP-TLS on freeradius 2.0.2-3 ??

Joel MBA OYONE wrote:
...
> The VLAN attributes defined in RFC3580 are as follows:
> •   Tunnel-Type=VLAN (13)
> •   Tunnel-Medium-Type=802
> •   Tunnel-Private-Group-ID=VLANID
> 
> NOTE: The FreeRADIUS dictionary maps the 802 string value to the integer 6, 
> which
> is why client entries use 6 for the Tunnel-Medium-Type value.

  No.  For Tunnel-Medium-Type, "802" is a *name*, not a *number*.See
Section 3.2 of RFC 2868:

...
   Value
  The Value field is three octets and contains one of the values
  listed under "Address Family Numbers" in [14].  For the sake of
  convenience, a relevant excerpt of this list is reproduced below.

   1  IPv4 (IP version 4)
   2  IPv6 (IP version 6)
   3  NSAP
   4  HDLC (8-bit multidrop)
   5  BBN 1822
   6  802 (includes all 802 media plus Ethernet "canonical format")
...

  FreeRADIUS gets it *right*.  Many NAS vendors get it *wrong*.

> To create a user and assign the user to a particular VLAN by using 
> FreeRADIUS, open the
> etc/raddb/users file, which contains the user account information, and add 
> for the new user.
> The following example shows the entry for a user in the users file. The 
> username is
> “johndoe,” the password is “test1234.” The user is assigned to VLAN 77.
> 
> johndoe Auth-Type: = EAP, User-Password == “test1234"
>   Tunnel-Type = 13,
>   Tunnel-Medium-Type = 6,

  Or:  Tunnel-Medium-Type = IEEE-802

> 
> in both cases, it stays on "IDENTITY VALIDATION" in xp wireless management 
> and sometime i receive the right ip adresss in the right IP Pool. ut lost it 
> immediately, maybe cause of the repeating cycle of athentication sequence.
> AND, the client certificate, signed by the Server (not the CA root) is still 
> with the same message.
> 
> 
> hope it would be helpfull !!

  Arg.  Microsoft keeps putting magic nonsense into their OS's to make
it difficult to use non-Microsoft RADIUS servers.

  And yes, this *is* a problem even inside of Microsoft!  So if you're
finding it a PITA to get it working, rest assured that Microsoft does, too.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : Re : howto EAP-TLS on freeradius 2.0.2-3 ??

2008-05-07 Thread Joel MBA OYONE 
Ok,

i think i really missed something! that config should take less than 15 minutes 
but i can't solve my problem for more than a week.

Alan or Ivan, could you give me a half our to help me to fix my RADIUS EAP-TLS 
config please. i would like to give you a full access to my network and my 
terminal too, so the diagnostic should be very very easy for you!
is it possible?

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70


- Message d'origine 
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Lundi, 5 Mai 2008, 17h18mn 10s
Objet : Re: Re : howto EAP-TLS on freeradius 2.0.2-3 ??

Joel MBA OYONE wrote:
...
> The VLAN attributes defined in RFC3580 are as follows:
> •   Tunnel-Type=VLAN (13)
> •   Tunnel-Medium-Type=802
> •   Tunnel-Private-Group-ID=VLANID
> 
> NOTE: The FreeRADIUS dictionary maps the 802 string value to the integer 6, 
> which
> is why client entries use 6 for the Tunnel-Medium-Type value.

  No.  For Tunnel-Medium-Type, "802" is a *name*, not a *number*.See
Section 3.2 of RFC 2868:

...
   Value
  The Value field is three octets and contains one of the values
  listed under "Address Family Numbers" in [14].  For the sake of
  convenience, a relevant excerpt of this list is reproduced below.

   1  IPv4 (IP version 4)
   2  IPv6 (IP version 6)
   3  NSAP
   4  HDLC (8-bit multidrop)
   5  BBN 1822
   6  802 (includes all 802 media plus Ethernet "canonical format")
...

  FreeRADIUS gets it *right*.  Many NAS vendors get it *wrong*.

> To create a user and assign the user to a particular VLAN by using 
> FreeRADIUS, open the
> etc/raddb/users file, which contains the user account information, and add 
> for the new user.
> The following example shows the entry for a user in the users file. The 
> username is
> “johndoe,” the password is “test1234.” The user is assigned to VLAN 77.
> 
> johndoe Auth-Type: = EAP, User-Password == “test1234"
>   Tunnel-Type = 13,
>   Tunnel-Medium-Type = 6,

  Or:  Tunnel-Medium-Type = IEEE-802

> 
> in both cases, it stays on "IDENTITY VALIDATION" in xp wireless management 
> and sometime i receive the right ip adresss in the right IP Pool. ut lost it 
> immediately, maybe cause of the repeating cycle of athentication sequence.
> AND, the client certificate, signed by the Server (not the CA root) is still 
> with the same message.
> 
> 
> hope it would be helpfull !!

  Arg.  Microsoft keeps putting magic nonsense into their OS's to make
it difficult to use non-Microsoft RADIUS servers.

  And yes, this *is* a problem even inside of Microsoft!  So if you're
finding it a PITA to get it working, rest assured that Microsoft does, too.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : howto EAP-TLS on freeradius 2.0.2-3 ??

2008-05-05 Thread Joel MBA OYONE 
Ok, before radiusd -X lets see the scenario and config files:

step 1:
- the network use wireless grid technologie, all the AP are managed by one 
switch controler (dws-3024 - d-link)

- the AP should be authenticated by the RADIUS Server before they could be 
authorised to be managed by the switch controler. so this step, the dws-3024 is 
the Authenticator and the AP (dwl-8500AP+) is the supplicant.

at this stage, you adviced me to fix "Auth-Type := Accept" to the AP attribute 
in the user file, so everything is OK.

step 2:
the AP become the Authenticator cause it transmit the Authentication requests 
to the Radius Server (so it possesses an entry in client.conf) and the 
supplicant here is rhe wireless client.

dws-3024 documentation give a sample for wireless client as follow:

===
If you use an external RADIUS server to manage VLANs, you configure the server 
to use
Tunnel attributes in Access-Accept messages in order to inform the access point 
about the
selected VLAN. These attributes are defined in RFC 2868 and their use for 
dynamic VLAN is
specified in RFC 3580.

The VLAN attributes defined in RFC3580 are as follows:
•   Tunnel-Type=VLAN (13)
•   Tunnel-Medium-Type=802
•   Tunnel-Private-Group-ID=VLANID

NOTE: The FreeRADIUS dictionary maps the 802 string value to the integer 6, 
which
is why client entries use 6 for the Tunnel-Medium-Type value.

To create a user and assign the user to a particular VLAN by using FreeRADIUS, 
open the
etc/raddb/users file, which contains the user account information, and add for 
the new user.
The following example shows the entry for a user in the users file. The 
username is
“johndoe,” the password is “test1234.” The user is assigned to VLAN 77.

johndoe Auth-Type: = EAP, User-Password == “test1234"
  Tunnel-Type = 13,
  Tunnel-Medium-Type = 6,
  Tunnel-Private-Group-ID = 77

Tunnel-Type and Tunnel-Medium-Type use the same values for all stations. 
Tunnel-Private-
Group-ID is the selected VLAN ID and can be different for each user.
NOTE: Do not use the management VLAN ID of the AP for the value of the Tunnel-
Private-Group-ID.
==

so i create my certificates according to certs/README and the commonname for 
client is "mojo".

here is the log of Radiusd - X in an attemting connexion by the wireless 
clienst:
(Wireless security is WEP 802.1x and VLANID = 2)




radius:~ # radiusd  -X
FreeRADIUS Version 2.0.2, for host i686-suse-linux-gnu, built on Mar 18 2008 at 
19:47:59
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including configuration file /etc/raddb/snmp.conf
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/radiusd/radiusd.pid"
user = "radiusd"
group = "radiusd"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
 }
 client dws3024 {
ipaddr = 192.168.0.254
require_message_authenticator = yes
secret = "wireless"
nastype = "D-Link"
 }
 client Access_Point_DWL-8500AP+ {
ipaddr = 192.168.2.0
netmask = 24
require_message_authenticator = yes
secret = "wireless"
nastype = "D-Link"
 }
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 1

Re : Failed to open socket

2008-05-04 Thread Joel MBA OYONE 
I had exactly the same message cause i was running radiusd -X via putty on 
another computer and forgot it. (2.0.2-3). i stop it on putty, then restart 
radiusd -X on server and everything was ok.
maybe you are in the same case.

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70


- Message d'origine 
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Lundi, 5 Mai 2008, 8h28mn 51s
Objet : Re: Failed to open socket

Lemaster, Rob wrote:
> I recently upgraded to 2.0.4, and now I'm seeing the following error when I 
> start FreeRADIUS:
...
> Sat May  3 20:21:39 2008 : Error: ERROR: Failed to open socket: 
> Sat May  3 20:21:39 2008 : Error: 
> /opt/freeradius-2.0.4/etc/raddb/radiusd.conf[210]: Error binding to port for 
> 0.0.0.0 port 1812
> Sun May  4 01:37:24 2008 : Info: Ready to process requests.

  So it *does* eventually start.  Do you change the configuration
between the start attempts?  If not, then it's difficult to say why it
starts one time, and then not another.

  Maybe it's port re-use timers?  Or something like the FreeBSD Jail issue?

  Is there a ktrace functionality on your system to see which system
calls it's doing, and what the results are?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

howto EAP-TLS on freeradius 2.0.2-3 ??

2008-05-03 Thread Joel MBA OYONE 
OK, 
radiusd -X and /etc/raddb/certs/bootstrap generated some files in 
/etc/raddb/certs like 
ca.pem
ca.key
01.pem
dh
index.txt
index.txt.attr
random
serial server.crt
srver.key
server.p12
server.pem
server.csr
xpxtensions
etc...
eap.conf point to the right paths.
i intend to authenticate wireless users on xp. i though there was already a 
certificate and private key for wireless client, but i can see that nowhere. si 
i think i should create my own certificate and privatekey for client and 
export install it on windows xp.
if i am true and did not forget something to do, my questions are:
- is there any problem with the CA private key file and server file extension? 
(ca.key instead of cakey.pem).
- which extension should i use for my windows xp certicate, and please, could 
you just give me the line! (like openssl req , openssl ca - ...-, openssl 
pkcs12, etc...)
sorry for silly questions, but i tried and surely missed something.
thank you for helping 

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70

__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

howto EAP-TLS on freeradius 2.0.2-3 ??

2008-05-03 Thread Joel MBA OYONE 
OK, 
radiusd -X and /etc/raddb/certs/bootstrap generated some files in 
/etc/raddb/certs like 
ca.pem
ca.key
01.pem
dh
index.txt
index.txt.attr
random
serial server.crt
srver.key
server.p12
server.pem
server.csr
xpxtensions
etc...
eap.conf point to the right paths.
i intend to authenticate wireless users on xp. i though there was already a 
certificate and private key for wireless client, but i can see that nowhere. si 
i think i should create my own certificate and privatekey for client and 
export install it on windows xp.
if i am true and did not forget something to do, my questions are:
- is there any problem with the CA private key file and server file extension? 
(ca.key instead of cakey.pem).
- which extension should i use for my windows xp certicate, and please, could 
you just give me the line! (like openssl req , openssl ca - ...-, openssl 
pkcs12, etc...)
sorry for silly questions, but i tried and surely missed something.
thank you for helping 

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70

__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : authentication problem between supplicant and radius server

2008-05-03 Thread Joel MBA OYONE 
thank you guy!
It works, with only the @MAC ("00-1c-f0-07-d6-90") instead of 
"00-1c-f0-07-d6-90\000".
I wonder why the Radius server receive that "\000" information.


 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70


- Message d'origine 
De : Ivan Kalik <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Vendredi, 2 Mai 2008, 19h34mn 11s
Objet : Re: authentication problem between supplicant and radius server

>I need some explanation with  what is going wrong in my config!
>
>i have :
> - freeradius 2.0.2-3 AS RADIUS SERVER
>- DWS3024 as authenticator (set up for transmit request to radius server 
>correctly)
>- (this step) DWL-8500AP as Access point (my spplicant)
>
>i had not that problem using that config on my previous system (fedora 8 + 
>freeradius 1.1-7).
>
>"Radiusd - X"  telles me that there is no "User-Password" attribute found on 
>the request whent the Access-Point (AP) tries to authenticate.
>it shows me "@MAC_ADDRESS" as login and "000# as password.
>the suppliers doc says default password is "NOPASSWORD".
>when i update the password in "users" file as "NOPASSWORD" or "000" or hen i 
>leave it empty, i have exactly the same results.
>
>below is my radiusd -X log, a part of my clients.cnf. file and same of "users" 
>file.
>maybe could someone tell me what i missed.
>
..
>rad_recv: Access-Request packet from host 192.168.0.254 port 49153, id=73, 
>length=79
>        User-Name = "00-1c-f0-07-d6-90\000"
>        NAS-Identifier = "00-17-9A-95-0C-18"
>        Message-Authenticator = 0xe7734b66fdcbf582530af8458ee4627e

AP is not sending anything as password.

>###
>
>"Users" file
>###
> AP 1 Auth-Type := Local, 
>00-1c-f0-07-d6-90\000 Auth-Type := Local, User-Password += "000"

Alter this to (and leave reply attributes as they are):

00-1c-f0-07-d6-90\000 Auth-Type := Accept

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

authentication problem between supplicant and radius server

2008-05-02 Thread Joel MBA OYONE 
Hello

I need some explanation with  what is going wrong in my config!

i have :
 - freeradius 2.0.2-3 AS RADIUS SERVER
- DWS3024 as authenticator (set up for transmit request to radius server 
correctly)
- (this step) DWL-8500AP as Access point (my spplicant)

i had not that problem using that config on my previous system (fedora 8 + 
freeradius 1.1-7).

"Radiusd - X"  telles me that there is no "User-Password" attribute found on 
the request whent the Access-Point (AP) tries to authenticate.
it shows me "@MAC_ADDRESS" as login and "000# as password.
the suppliers doc says default password is "NOPASSWORD".
when i update the password in "users" file as "NOPASSWORD" or "000" or hen i 
leave it empty, i have exactly the same results.

below is my radiusd -X log, a part of my clients.cnf. file and same of "users" 
file.
maybe could someone tell me what i missed.

thank you

# radiusd -X
##
FreeRADIUS Version 2.0.2, for host i686-suse-linux-gnu, built on Mar 18 2008 at 
19:47:59
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including configuration file /etc/raddb/snmp.conf
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/radiusd/radiusd.pid"
user = "radiusd"
group = "radiusd"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
 }
 client dws3024 {
ipaddr = 192.168.0.254
require_message_authenticator = yes
secret = "wireless"
 }
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = "request"
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = "You are calling outside your allowed timespan  "
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
encryption_scheme = "auto"
auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
radwtmp = "/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  ea

Re : Re : Re : EAP-TLS/PEAP problem

2008-05-02 Thread Joel MBA OYONE 
Ok, i am sorry!

all i had to do is "yast install make" or something like that to be able to run 
the command...
ah... Linux !!

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70


- Message d'origine ----
De : Joel MBA OYONE <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Vendredi, 2 Mai 2008, 9h50mn 05s
Objet : Re : Re : EAP-TLS/PEAP problem

Hello list,

I've just installed SUSE 10.3 and freeradius 2.0.2.2-3 to easily setup my 
prevoious prob with eap.

right now, when i run "radiusd -W" i encounter this error message:

===
/etc/raddb/certs/bootstrap: line 15: make: command not found
Exec-Program output:
Exec-Program: returned: 127
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[252]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[199]: Errors parsing authenticate section.
}
}
Errors initializing modules

==

reading the readme file in certs/ directory, i understood that the script 
bootstrap should create the certificates and some other stuffs, and the should 
be renamed or destroyed.
- that i see is: the script didn't create nothing and could not be run.
could you please help me to fix it?


( my final goes is to use eap-tls / eap-peap to athenticate wireless clients, 
and like i said before, i am really newbie on linux. thanx for help)


MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc

Tél. : +212 69 25 85 70


- Message d'origine 
De : Ivan Kalik <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Mercredi, 30 Avril 2008, 11h39mn 36s
Objet : Re: Re : EAP-TLS/PEAP problem

http://www.freeradius.org/download.html

Find the OS version that you have and download the latest freeradius
version rpm.

Ivan Kalik
Kalik Informatika ISP


Dana 30/4/2008, "Joel MBA OYONE" <[EMAIL PROTECTED]> piše:

>Well, as i am very very newbie on Linux. iuse to work on win2000/2003 before.
>Â i chose the easyway to install freeradius; the "yum" commaand gave me that 
>version.
>if the latest version is easy to install manually on fedora and is able to 
>work on a hp proliant ml-370 g5, i take it.
>Why not the latest version. It will create and install the certificates
>for you. Even if you don't want to install it you can download it and
>use it to create certificates.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 30/4/2008, "Joel MBA OYONE" <[EMAIL PROTECTED]> piĹĄe:
>
>>Hello list.
>>I am sorry about my poor english skills but hope iĂÂ could be understood 
>>anyway.
>>I use freeradius 1.1-7 on fedora 8 (installed with yum command).ĂÂ right now, 
>>my users in the "/etc/raddb/users" file are able to authenticate without no 
>>problem.
>>iĂÂ intend to use eap-tls and eap-peap to authenticate my users. to do so, i 
>>read this tutorial: 
>>http://www.wi-fiplanet.com/tutorials/article.php/3557251ĂÂ (two sheets) which 
>>is very helpfull.
>>but on the second part of the tuto,ĂÂ i encounter a problem with the 
>>extensions part:
>>- it is said to create a file named "extensions" (my case 
>>/etc/pki/tls/extensions) and to copy that lines into:
>>[ xpclient_ext]
>>extendedKeyUsage = 1.3.6.1.5.5.7.3.2
>>[ xpserver_ext ]
>>extendedKeyUsage = 1.3.6.1.5.5.7.3.1
>>and then to modify my previous certificate like that:
>># openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreqpem
>># openssl ca -out client_cert.pem -extensions xpserver -infiles 
>>./clientreqpem 
>>when i do this, the system give me an error message:
>>[EMAIL PROTECTED] ensiasCA]# pwd
>>/etc/pki/CA/ensiasCA
>>[EMAIL PROTECTED] ensiasCA]# openssl ca -out certs/ensias_cert.pem 
>>-extensions xpserver_ext -infiles certs/radiusserverreq.pem 
>>Using configuration from /etc/pki/tls/openssl.cnf
>>Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
>>Error Loading extension section xpserver_ext
>>4230:error:0E06D06C:configuration file routines:NCONF_get_string:no 
>>value:conf_lib.c:329:group=CA_default name=email_in_dn
>>[EMAIL PROTECTED] ensiasCA]# 
>>
>>i suppose i have problem creating extensions 
>>there's a long time i try to fix it (and some many before), and right now, i 
>>come and ask your help to fix it.
>>thanx for helping
>>
>>ĂÂ 
>>MBA OYONE JoÄŤl
>>Lot.. El Firdaous
>>BÄËt GH20, Porte A 204, Appt 8
>>2 Oulfa
>>Casablanca - Maroc
>>ĂÂ 
>>TÄĹ l. : +212 69 25 85 70
>>
>>___

Re : Re : EAP-TLS/PEAP problem

2008-05-02 Thread Joel MBA OYONE 
Hello list,

I've just installed SUSE 10.3 and freeradius 2.0.2.2-3 to easily setup my 
prevoious prob with eap.

right now, when i run "radiusd -W" i encounter this error message:

===
/etc/raddb/certs/bootstrap: line 15: make: command not found
Exec-Program output:
Exec-Program: returned: 127
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[252]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[199]: Errors parsing authenticate section.
 }
}
Errors initializing modules

==

reading the readme file in certs/ directory, i understood that the script 
bootstrap should create the certificates and some other stuffs, and the should 
be renamed or destroyed.
- that i see is: the script didn't create nothing and could not be run.
could you please help me to fix it?


( my final goes is to use eap-tls / eap-peap to athenticate wireless clients, 
and like i said before, i am really newbie on linux. thanx for help)

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70


- Message d'origine 
De : Ivan Kalik <[EMAIL PROTECTED]>
À : FreeRadius users mailing list 
Envoyé le : Mercredi, 30 Avril 2008, 11h39mn 36s
Objet : Re: Re : EAP-TLS/PEAP problem

http://www.freeradius.org/download.html

Find the OS version that you have and download the latest freeradius
version rpm.

Ivan Kalik
Kalik Informatika ISP


Dana 30/4/2008, "Joel MBA OYONE" <[EMAIL PROTECTED]> piše:

>Well, as i am very very newbie on Linux. iuse to work on win2000/2003 before.
>Â i chose the easyway to install freeradius; the "yum" commaand gave me that 
>version.
>if the latest version is easy to install manually on fedora and is able to 
>work on a hp proliant ml-370 g5, i take it.
>Why not the latest version. It will create and install the certificates
>for you. Even if you don't want to install it you can download it and
>use it to create certificates.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 30/4/2008, "Joel MBA OYONE" <[EMAIL PROTECTED]> piĹĄe:
>
>>Hello list.
>>I am sorry about my poor english skills but hope iĂÂ could be understood 
>>anyway.
>>I use freeradius 1.1-7 on fedora 8 (installed with yum command).ĂÂ right now, 
>>my users in the "/etc/raddb/users" file are able to authenticate without no 
>>problem.
>>iĂÂ intend to use eap-tls and eap-peap to authenticate my users. to do so, i 
>>read this tutorial: 
>>http://www.wi-fiplanet.com/tutorials/article.php/3557251ĂÂ (two sheets) which 
>>is very helpfull.
>>but on the second part of the tuto,ĂÂ i encounter a problem with the 
>>extensions part:
>>- it is said to create a file named "extensions" (my case 
>>/etc/pki/tls/extensions) and to copy that lines into:
>>[ xpclient_ext]
>>extendedKeyUsage = 1.3.6.1.5.5.7.3.2
>>[ xpserver_ext ]
>>extendedKeyUsage = 1.3.6.1.5.5.7.3.1
>>and then to modify my previous certificate like that:
>># openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreqpem
>># openssl ca -out client_cert.pem -extensions xpserver -infiles 
>>./clientreqpem 
>>when i do this, the system give me an error message:
>>[EMAIL PROTECTED] ensiasCA]# pwd
>>/etc/pki/CA/ensiasCA
>>[EMAIL PROTECTED] ensiasCA]# openssl ca -out certs/ensias_cert.pem 
>>-extensions xpserver_ext -infiles certs/radiusserverreq.pem 
>>Using configuration from /etc/pki/tls/openssl.cnf
>>Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
>>Error Loading extension section xpserver_ext
>>4230:error:0E06D06C:configuration file routines:NCONF_get_string:no 
>>value:conf_lib.c:329:group=CA_default name=email_in_dn
>>[EMAIL PROTECTED] ensiasCA]# 
>>
>>i suppose i have problem creating extensions 
>>there's a long time i try to fix it (and some many before), and right now, i 
>>come and ask your help to fix it.
>>thanx for helping
>>
>>ĂÂ 
>>MBA OYONE JoÄŤl
>>Lot.. El Firdaous
>>BÄËt GH20, Porte A 204, Appt 8
>>2 Oulfa
>>Casablanca - Maroc
>>ĂÂ 
>>TÄĹ l. : +212 69 25 85 70
>>
>>__
>>Do You Yahoo!?
>>En finir avec le spam? Yahoo! Mail vous offre la meilleure protection 
>>possible contre les messages non sollicitÄĹ s 
>>http://mail.yahoo.fr Yahoo! Mail
>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>__
>Do You Yahoo!?
>En finir avec le spam? Yahoo! Mail

Re : EAP-TLS/PEAP problem

2008-04-30 Thread Joel MBA OYONE 
Well, as i am very very newbie on Linux. iuse to work on win2000/2003 before.
 i chose the easyway to install freeradius; the "yum" commaand gave me that 
version.
if the latest version is easy to install manually on fedora and is able to work 
on a hp proliant ml-370 g5, i take it.
Why not the latest version. It will create and install the certificates
for you. Even if you don't want to install it you can download it and
use it to create certificates.

Ivan Kalik
Kalik Informatika ISP


Dana 30/4/2008, "Joel MBA OYONE" <[EMAIL PROTECTED]> piše:

>Hello list.
>I am sorry about my poor english skills but hope i could be understood anyway.
>I use freeradius 1.1-7 on fedora 8 (installed with yum command). right now, 
>my users in the "/etc/raddb/users" file are able to authenticate without no 
>problem.
>i intend to use eap-tls and eap-peap to authenticate my users. to do so, i 
>read this tutorial: 
>http://www.wi-fiplanet.com/tutorials/article.php/3557251 (two sheets) which 
>is very helpfull.
>but on the second part of the tuto, i encounter a problem with the extensions 
>part:
>- it is said to create a file named "extensions" (my case 
>/etc/pki/tls/extensions) and to copy that lines into:
>[ xpclient_ext]
>extendedKeyUsage = 1.3.6.1.5.5.7.3.2
>[ xpserver_ext ]
>extendedKeyUsage = 1.3.6.1.5.5.7.3.1
>and then to modify my previous certificate like that:
># openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreq.pem
># openssl ca -out client_cert.pem -extensions xpserver -infiles 
>./clientreq.pem 
>when i do this, the system give me an error message:
>[EMAIL PROTECTED] ensiasCA]# pwd
>/etc/pki/CA/ensiasCA
>[EMAIL PROTECTED] ensiasCA]# openssl ca -out certs/ensias_cert.pem -extensions 
>xpserver_ext -infiles certs/radiusserverreq.pem 
>Using configuration from /etc/pki/tls/openssl.cnf
>Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
>Error Loading extension section xpserver_ext
>4230:error:0E06D06C:configuration file routines:NCONF_get_string:no 
>value:conf_lib.c:329:group=CA_default name=email_in_dn
>[EMAIL PROTECTED] ensiasCA]# 
>
>i suppose i have problem creating extensions 
>there's a long time i try to fix it (and some many before), and right now, i 
>come and ask your help to fix it.
>thanx for helping
>
> 
>MBA OYONE JoĂŤl
>Lot.. El Firdaous
>Bât GH20, Porte A 204, Appt 8
>2 Oulfa
>Casablanca - Maroc
> 
>TĂŠl. : +212 69 25 85 70
>
>__
>Do You Yahoo!?
>En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
>contre les messages non sollicitĂŠs 
>http://mail.yahoo.fr Yahoo! Mail
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP-TLS/PEAP problem

2008-04-30 Thread Joel MBA OYONE 
Hello list.
I am sorry about my poor english skills but hope i could be understood anyway.
I use freeradius 1.1-7 on fedora 8 (installed with yum command). right now, my 
users in the "/etc/raddb/users" file are able to authenticate without no 
problem.
i intend to use eap-tls and eap-peap to authenticate my users. to do so, i read 
this tutorial: http://www.wi-fiplanet.com/tutorials/article.php/3557251 (two 
sheets) which is very helpfull.
but on the second part of the tuto, i encounter a problem with the extensions 
part:
- it is said to create a file named "extensions" (my case 
/etc/pki/tls/extensions) and to copy that lines into:
[ xpclient_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
and then to modify my previous certificate like that:
# openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreq.pem
# openssl ca -out client_cert.pem -extensions xpserver -infiles ./clientreq.pem 
when i do this, the system give me an error message:
[EMAIL PROTECTED] ensiasCA]# pwd
/etc/pki/CA/ensiasCA
[EMAIL PROTECTED] ensiasCA]# openssl ca -out certs/ensias_cert.pem -extensions 
xpserver_ext -infiles certs/radiusserverreq.pem 
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
Error Loading extension section xpserver_ext
4230:error:0E06D06C:configuration file routines:NCONF_get_string:no 
value:conf_lib.c:329:group=CA_default name=email_in_dn
[EMAIL PROTECTED] ensiasCA]# 

i suppose i have problem creating extensions 
there's a long time i try to fix it (and some many before), and right now, i 
come and ask your help to fix it.
thanx for helping

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
2 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70

__
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html